@bokehDec 01.2005 — #That depends how the log in system works. If it uses php sessions just delete the session from the server. Closing the browser also does the same thing as far as the client is concerned. If log in is related to a cookie change the life of the cookie. Also consider having a definative log out feature.
@bokehDec 01.2005 — #A Cookie would be used so the user is remembered over a longer period and hence does not need to log in on each visit. To log someone out and destroy the session you need something like the following: [code=php]<?php # logout.php session_start(); $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-86400, '/'); } session_destroy();
@acemoauthorDec 01.2005 — #Oh, ok.. I got it like this now, I login, close my firefox, open firefox, go to the site again, and find myself still logged in.
This would give other ppl the possibility to get on my account if i would access the site on a public computer and close the browser instead of logging out.
@bokehDec 01.2005 — #That's just the way things are. If someone does not logout properly there is nothing you can do except wait for the session to timeout. The only other way might be some annoying and unreliable piece of javascript.
@bokehDec 01.2005 — #Oh, ok.. I got it like this now, I login, close my firefox, open firefox, go to the site again, and find myself still logged in.
This would give other ppl the possibility to get on my account if i would access the site on a public computer and close the browser instead of logging out.[/QUOTE]By the way it's no good just closing the window, you must close the browser comletely. All browser windows closed. The session will then still be active on the server but not the client.
@bokehDec 01.2005 — #Ohh, thats something will not happen on this pc, lol got always 5+ firefox tabs open
But on a public pc, i'd login, do my stuff, close the browser and am logged.
Thats ok ?[/QUOTE]Yes but the session still exists on the server even though it is over on the client. That means if someone has intercepted the session ID they could keep that session active indefinately.